[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Do you use LedgerSMB

Subject: Re: Do you use LedgerSMB
From: "Armaghan Saqib" <..hidden..>
Date: Thu, 7 Jun 2007 22:50:17 -0700

Hi Chris,

Just out of curiosity, which files in 1.1.x are server
writable/executable so that we could better protect
them.

Regards

On 6/7/07, Chris Travers <..hidden..> wrote:

1.2.x does not have any server writable and executable files and these
are somewhat separated (server-writeable files are limited to
templates, css, and spool, and none of these are executable).

1.1.x did not have this advantage, however.

Best Wishes,
Chris Travers

On 6/7/07, Mads Kiilerich <..hidden..> wrote:
> Chris Travers wrote, On 06/08/2007 12:26 AM:
> > I do use it for my accounting.  There is an entry in the faq about
> > getting it to work with SELinux, and you can also set it to permissive
> > while you resolve the problems.
> >
> >
> >> I'll have to try and install LedgerSMB again though. I tried it on my Fedora 6 box and it wouldn't work. I think that the SELinux thingy is mainly the problem.
>
> The RPM does not work with SELinux in enforcing mode - and says so. I
> have not been able to find any faq entry discussing this.
>
> SELinux (and to some extent FHS) clearly separates "being writable
> through the web" and "being executable through the web". LedgerSMB by
> (inherited) design unfortunately conflicts with this principle. That's
> one reason to why I wouldn't expose LedgerSMB urls to untrusted users.
> That you has to disable SELinux could be another.
>
> /Mads
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Ledger-smb-users mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-users
>

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Ledger-smb-users mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-users

Follow-Ups:
- Re: Do you use LedgerSMB
  - From: Chris Travers

References:
- Do you use LedgerSMB
  - From: Patrick J. McLaughlin Jr.
- Re: Do you use LedgerSMB
  - From: Chris Travers
- Re: Do you use LedgerSMB
  - From: Mads Kiilerich
- Re: Do you use LedgerSMB
  - From: Chris Travers

Prev by Date: Re: AP Invoice Entry Error
Next by Date: Re: AP Invoice Entry Error
Previous by thread: Re: Do you use LedgerSMB
Next by thread: Re: Do you use LedgerSMB
Index(es):
- Date
- Thread